Computer Security


RSA Keon cross-site scripting
Published: 24.10.2007
Source:
SecurityVulns ID: 8290
Type: remote
Threat Level: 5/10
Description: Cross-site scripting in the Request-spk.xuda and Add-msie-request.xuda components.
Original document: Fatih Ozavci, [GS07-02] RSA Keon Multiple Cross-Site Scripting Vulnerabilities (24.10.2007)

IBM Lotus Notes multiple security vulnerabilities
updated since 23.10.2007
Published: 24.10.2007
Source:
SecurityVulns ID: 8286
Type: client
Threat Level: 7/10
Description: Buffer overflow when viewing different attachment types; information leak between local users through memory-mapped files.
Affected: IBM : Lotus Domino 6.5
 IBM : Lotus Notes 7.0
 IBM : Lotus Notes 8.0
CVE: CVE-2007-5544
 CVE-2007-4222
 CVE-2007-3510
Original document: IDEFENSE, iDefense Security Advisory 10.23.07: IBM Lotus Domino IMAP Buffer Overflow Vulnerability (24.10.2007)
 IDEFENSE, iDefense Security Advisory 10.23.07: IBM Lotus Notes Client TagAttributeListCopy Buffer Overflow Vulnerability (24.10.2007)
 SYMANTEC, SYMSA-2007-013: Lotus Notes Memory Mapped Files Vulnerability (23.10.2007)
 TAN Chew Keong, [vuln.sg] IBM Lotus Notes Attachment Viewer Buffer Overflow Vulnerabilities (23.10.2007)
Files: IBM Lotus Domino - IMAP4 Mailbox Name Stack Overflow Exploit

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 24.10.2007
Published: 24.10.2007
Source:
SecurityVulns ID: 8287
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Original document: morin.josh_(at)_gmail.com, Novell OpenSUSE SWAMP multiple XSS (24.10.2007)
 joseph.giron13_(at)_gmail.com, Bosdev Multiple vulnerabilities (24.10.2007)
 pete.houston.17187_(at)_gmail.com, [Vulz] PHP Basic Multiple Vulnerabilities by Xcross87 & Alucar (24.10.2007)
 Advisory_(at)_Aria-Security.net, Aria-Security.Net [Web based alpha tabbed address book SQL Injection] (24.10.2007)
 joseph.giron13_(at)_gmail.com, Aleris Software Systems Web Publisher Calendar SQL injection (24.10.2007)
 Advisory_(at)_Aria-Security.net, [Aria-Security.Net] CodeWidgets.Com Online Event Registration Multiple login SQL Injection (24.10.2007)
 Advisory_(at)_Aria-Security.net, OSI CODES - PHP Live! Remote File Inclusion (24.10.2007)

Debian Linux reprepro authentication bypass
Published: 24.10.2007
Source:
SecurityVulns ID: 8288
Type: m-i-t-m
Threat Level: 5/10
Description: Unknown package signatures are not checked.
Affected: REPREPRO : reprepro 1.3
CVE: CVE-2007-4739 (reprepro 1.3.0 through 2.2.3 does not properly verify signatures when updating repositories, which allows remote attackers to construct and distribute an ostensibly valid Release.gpg file by signing it with an unknown key, related to the update command.)
Original document: DEBIAN, [SECURITY] [DSA 1394-1] New reprepro packages fix authentication bypass (24.10.2007)

HP OpenView unauthorized access
Published: 24.10.2007
Source:
SecurityVulns ID: 8289
Type: remote
Threat Level: 6/10
Description: HP OpenView Configuration Management (CM) Infrastructure (Radia) and Client Configuration Manager (CCM) unauthorized access through httpd.tkd.
Affected: HP : OpenView Configuration Management Infrastructure 4.0
 HP : OpenView Configuration Management Infrastructure 4.1
 HP : OpenView Configuration Management Infrastructure 4.2
 HP : OpenView Client Configuration Manager 2.0
CVE: CVE-2007-5413 (httpd.tkd in Radia Integration Server in Hewlett-Packard (HP) OpenView Configuration Management (CM) Infrastructure 4.0 through 4.2i and Client Configuration Manager (CCM) 2.0 allows remote attackers to read arbitrary files via URLs containing tilde (~) references to home directories, as demonstrated by ~root.)
Original document: HP, HPSBMA02279 SSRT071298 rev.1 - HP OpenView Configuration Management (CM) Infrastructure (Radia) and Client Configuration Manager (CCM) Running httpd.tkd, Remote Unauthorized Access to Data (24.10.2007)

Microsoft Windows TCP/IP stack IGMP DoS
updated since 15.02.2006
Published: 24.10.2007
Source:
SecurityVulns ID: 5771
Type: remote
Threat Level: 6/10
Description: System hangs on malformed IGMPv3 packet.
Affected: MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Mobile 5.0
 MICROSOFT : Windows CE 5.01
CVE: CVE-2006-0021 (Microsoft Windows XP SP1 and SP2, and Server 2003 up to SP1, allows remote attackers to cause a denial of service (hang) via certain malformed IGMP packets, aka the "IGMP v3 DoS Vulnerability.")
Original document: SYMANTEC, SYMSA-2007-012: Microsoft Windows CE IGMP Denial of Service (24.10.2007)
 Алексей Синцов, igmp v3 dos (18.03.2006)
 MICROSOFT, Microsoft Security Bulletin MS06-007 Vulnerability in TCP/IP Could Allow Denial of Service (913446) (15.02.2006)
Files: MS06-007 Denial of Service POC exploit (for Linux)
 IGMP v3 DoS Exploit (MS06-007) by Alexey Sintsov
 Microsoft Security Bulletin MS06-007 Vulnerability in TCP/IP Could Allow Denial of Service (913446)

Miranda instant messenger multiple security vulnerabilities
Published: 24.10.2007
Source:
SecurityVulns ID: 8291
Type: remote
Threat Level: 6/10
Description: Yahoo! messenger plugin multiple buffer overflows.
Affected: MIRANDAIM : Miranda IM 0.6
 MIRANDAIM : Miranda IM 0.7
CVE: CVE-2007-5543
 CVE-2007-5542
Original document: Research, [Full-disclosure] Miranda IM Multiple Buffer Overflow Vulnerabilities (24.10.2007)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod